[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Flaw in Macromedia JRun could let attacker take over
From: InfoSec News <isn () c4i ! org>
Date: 2002-05-30 8:34:23
[Download RAW message or body]
http://www.nwfusion.com/news/2002/0529jrunflaw.html
By Sam Costello
IDG News Service, 05/29/02
A buffer overflow in Macromedia's JRun Java 2 Enterprise Edition
server could allow an attacker to take complete control of a
vulnerable server, according to a bulletin released Wednesday by
security group Next Generation Security Software.
The vulnerability exists in JRun 3.1 running on Microsoft's Internet
Information Services (IIS) 4.0 and 5.0 on Windows NT 4 and Windows
2000, the group said in its alert. The group contacted Macromedia
about the bug in early April and a new version of JRun, Version 4.0,
has been released since then that should fix the problem, the group
said. The group urged users to upgrade to the newest version of the
software.
A patch to fix the issue without upgrading to JRun 4 is available from
Macromedia. Click here to access the fix [1].
The flaw, which can be exploited remotely, comes as a result of an
Internet Services Application Programming Interface (ISAPI) file
created when JRun is installed, the security group said. ISAPIs are a
part of IIS designed to offer more functionality to programs.
The ISAPI related to JRun can be accessed directly and acts like an
application when it is, the group said. When the file is accessed, it
is vulnerable to a buffer overflow that can allow any code supplied in
the attack to be run in the system's local security context, the group
said.
ISAPIs have caused a number of problems for users in the past year.
Mostly recently, Microsoft patched two IIS holes in April that allow
attackers to run code of their choice on vulnerable IIS systems.
Another ISAPI flaw was exploited in mid-2001 by the Code Red worm,
which infected thousands of computers worldwide and was one of the
year's major security events.
Next Generation Security Software's full alert can be found at the
group's Web site [2].
[1] http://www.macromedia.com/v1/Handlers/index.cfm?ID=22273&Method=Full
[2] http://www.nextgenss.com/advisories/jrun.txt
-
ISN is currently hosted by Attrition.org
To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic